netservices

Objectives
• Install, configure, and troubleshoot DNS
• Install, configure, and troubleshoot DHCP
• Install, configure, and troubleshoot Microsoft
Internet Information Services
Implementing Microsoft DNS
• Domain Name System (DNS)
– A TCP/IP application protocol that enables a DNS
server to resolve (translate):
• Domain and computer names to IP addresses
• IP addresses to domain and computer names
• DNS servers provide the DNS namespace for an
enterprise
• One of the requirements for using Active Directory
on a Windows Server 2008 network is to have a
DNS server on the network
Hands-On Microsoft Windows Server 2008
Installing DNS Services
• DNS is installed as a server role in Windows Server
2008
• The installation steps for DNS are similar to those for
DHCP
– Both are installed as Windows components
DNS Zones
• DNS name resolution is enabled through the use of
tables of information
– That link computer names and IP addresses
• The tables are associated with partitions in a DNS
server that are called zones
– Contain resource records
• Forward lookup zone
– The zone that links computer names to IP addresses
– Holds host name records called address records
DNS Zones (continued)
• In IP version 4, a host record is called a host
address (A) resource record
• An IPv6 record is called an IPv6 host address
(AAAA) resource record
• When you install DNS on a domain controller (DC) in
a domain
– A forward lookup zone is automatically created for the
domain with the DNS server’s address record already
entered
Using the DNS Dynamic Update
Protocol
• Microsoft DNS is also called Dynamic DNS (DDNS)
– A modern form of DNS that enables client computers
and DHCP servers to automatically register IP
addresses
• DNS dynamic update protocol
– Enables information in a DNS server to be
automatically updated in coordination with DHCP
DNS Replication
• Primary DNS server
– The DNS server that is the main administrative server
for a zone and thus is also the authoritative server for
that zone
• Secondary DNS server
– Contains a copy of the primary DNS server’s zone
database, but is not used for administration (is not
authoritative)
– Obtains that copy through a zone transfer over the
network
DNS Replication (continued)
• Vital services performed by secondary DNS servers:
– To make sure that there is a copy of the primary DNS
server’s data
– To enable DNS load balancing among a primary DNS
server and its secondary servers
– To reduce congestion in one part of the network
• If you use Active Directory and have two or more
DCs
– Plan to set up Microsoft DNS services on at least two
of the DCs
Stub Zone
• Stub zone has only the bare necessities for DNS
functions, which are copies of the following:
– SOA record zone
– Name server (NS) records to identify authoritative
servers
– A record for name servers that are authoritative
• One common use for a stub zone is to help quickly
resolve computer names
– Between two different namespaces
Additional DNS Server Roles
• It is common to designate one DNS server to
forward name resolution requests to a specific
remote DNS server
• A DNS server can function as a caching server
– A caching server is used to provide fast queries
because the results of each query are stored in RAM
– One limitation of using caching servers is that it takes
time for each one to build up a comprehensive set of
resolved names to IP addresses
Creating a DNS Implementation Plan
• Recommendations
– Implement Windows Server 2008 DNS servers
instead of other versions of DNS, and use Active
Directory
– Plan to locate a DNS server across most site links
– Create two or more DNS servers to take advantage of
the load balancing
– Designate one DNS server as a forwarder to reduce
traffic
– The number of DNS servers that you set up can be
related to your analysis of an organization
DNS Enhancements
• Microsoft DNS servers now include support for
IPv6
• Background zone loading
– This means that a DNS server that has a large
number of entries in its zones can load those entries
as a background process
• DNS server can be housed on a Read-Only
Domain Controller (RODC) for branch offices
Troubleshooting DNS (continued)
Implementing Microsoft DHCP
• Dynamic Host Configuration Protocol (DHCP)
– Enables a Windows Server 2008 server with DHCP
services to detect the presence of a new workstation
– Assign an IP address to that workstation
• The DHCP server has a pre-assigned range of IP
addresses that it can give to a new client
• Microsoft DHCP server can support the following:
– Dynamic configuration of DNS server forward and
reverse lookup zone records
– Up to 1000 different scopes
– Up to 10,000 DHCP clients
Implementing Microsoft DHCP
(continued)
• A Windows Server 2008 server can be configured in
the role of a DHCP server using Microsoft DHCP
services
• The DHCP server automatically updates the DNS
server at the time it assigns an IP address
– Using dynamic DNS updates can significantly save
time in creating DNS lookup zone records
Implementing Microsoft DHCP
(continued)
• A Microsoft DHCP server can also:
– Reserve an IP address for a specific computer
– Update all computers on a network for a particular
change in DHCP settings
– Provide DHCP services to multiple subnetworks
– Omit certain IP addresses from a scope
Configuring a DHCP Server
• First, set up one or more scopes of contiguous
address ranges and activate each scope
• Configuring a scope includes the following:
– Obtain the range of addresses to be used
– Determine the subnet mask for the range of addresses
– Decide on a name for the scope, such as naming it to
reflect the name of a department or division in your
organization
– Decide how long to lease IP addresses
– Determine whether to exclude specific addresses
Configuring a DHCP Server
(continued)
• Second, authorize the DHCP server
– The process of authorizing the server is a security
precaution to make sure IP addresses are only
assigned by DHCP servers that are managed by
network and server administrators
• Third, a step that is not required, but that saves time
in managing DNS, is to configure the DHCP server
and its clients to automatically update DNS records
DHCPv6 Support
• Windows Server 2008 and Windows Vista both
enable a network to use Dynamic Host
Configuration Protocol for IPv6 (DHCPv6)
– For networks that are working to implement IPv6
• The Microsoft implementation of DHCPv6
– Follows the official standard for DHCPv6
– Supports both stateful and stateless autoconfiguration
Implementing Microsoft Internet
Information Services
• Microsoft Internet Information Services (IIS)
– Software included with Windows Server 2008 that
enables you to offer a complete Web site
• Internet Server Application Programming
Interface (ISAPI)
– A group of DLL (dynamic link library) files that are
applications and filters
• Web Server (IIS) role services
– World Wide Web
– File Transfer Protocol (FTP)
– Simple Mail Transfer Protocol (SMTP)
Implementing Microsoft Internet
Information Services (continued)
• Windows Server 2008 is a good candidate for a Web
server for several reasons
– Windows Server 2008’s privileged-mode architecture
and fault-tolerance capabilities
– Windows Server 2008 is compatible with small and
large databases
• Users can log in to a database through the IIS Open
Database Connectivity (ODBC) drivers
– Compatible with Microsoft Point-to-Point Encryption
(MPPE) security, IP Security (IPsec), and the Secure
Sockets Layer (SSL) encryption technique
Implementing Microsoft Internet
Information Services (continued)
• IIS is newly designed for Windows Server 2008
– Broken into modules or features so that you can install
only the features you need
– Presents a smaller attack surface and makes IIS more
efficient
Internet Information Services (IIS)
Manager
• Through this tool, you can do the following:
– Connect to a Web server on your computer or
remotely connect to a Web server, an application, or
site
– Have connections to multiple Web servers,
applications, and sites
– Manage a Web server
– Manage ASP.NET
– Manage authorization for users and for specific Web
server roles
Internet Information Services (IIS)
Manager
• Through this tool, you can do the following (continued):
– Manage Web server logging
– Compress Web server files
– Manage code modules and worker processes
– Manage server certificates
– Troubleshoot a Web server
Creating a Virtual Directory
• Virtual directory
– A physical folder or a redirection to a Uniform
Resource Locator (URL) that points to a folder
• So that it can be accessed over the Internet, an intranet,
or VPN
• The reason for creating a virtual directory is to
provide a shortcut path to specific IIS server content
• When you set up a virtual directory, you give it an
alias
– A name to identify it to a Web browser
Creating a Virtual Directory
(continued)
• After a virtual directory is created, you can modify its
properties in IIS Manager
• You can set up the virtual directory to be shared
– So that users who need access to add contents to the
directory can do this over the network
Managing and Configuring an IIS Web
Server
• The Internet Information Services tool enables you to
manage IIS components including the following:
– Application pools
– Sites
– SMTP e-mail
– Certificates
• Application pools enable you to group similar Web
applications into pools or groups for management
• Sites is a folder used to manage multiple Web sites
from one administrative Web server
Managing and Configuring an IIS Web
Server (continued)
• The SMTP E-mail Page feature is used to manage
Internet e-mail via e-mail programs
– Takes advantage of the application programming
interface, system.net.mail
• Through the certificates feature, you can configure
and monitor certificate security that is used with
other Web sites
Troubleshooting a Web Server
• Occasionally a Web server can experience
problems, such as users not being able to connect to
the server
• Table 8-8 lists possible problems and their solutions
Using Active Directory Certificate
Services
• Public key infrastructure (PKI)
– Linking a public key or a combination of public and
private keys to a user or network entity
– Uses a certificate authority to issue public key-based
digital certificates to trustworthy network entities
• Certificate authority (CA)
– Network entity or host that issues digital certificates
of trust verifying certificate holders’ legitimacy
Using Active Directory Certificate
Services (cont’d.)
• Public key
– Encryption method that uses a public key and
private key combination
• Asymmetric encryption
– One key used to encrypt the data, and the other key
used to decrypt it
• Public key/private key method
– Uses an encryption algorithm developed by Whitfield
Diffie and Martin Hellman
Using Active Directory Certificate
Services (cont’d.)
• X.509 standards for digital certificates
– Developed by International Organization for
Standardization (ISO)
– Function as proof of identity for a specific network
entity
Using Active Directory Certificate
Services (cont’d.)
• X.509 certificate contains:
– Certificate format version
– Certificate serial number
– Signature algorithm identifier
– Certificate authority (certificate issuer)
– Length of time the certificate is valid
– ID of the certificate holder
– Public key data
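
The seven fields listed above map directly onto the properties .NET exposes for a parsed certificate. The following is an added example, not part of the original slides: it builds a constructed self-signed certificate in memory, reads each field, and flags conditions a reviewer would check. The function name `Get-X509FieldReport`, the subject name, and the 2048-bit and MD5/SHA-1 thresholds are assumptions of this example, and it needs PowerShell on .NET Framework 4.7.2 or later (or PowerShell 7).

```powershell
# Constructed sample: a throwaway self-signed certificate held in memory only.
# The subject name is made up and nothing is written to a certificate store.
$rsa  = [System.Security.Cryptography.RSA]::Create(2048)
$req  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
            'CN=constructed-example.test', $rsa,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$now  = [DateTimeOffset]::UtcNow
$cert = $req.CreateSelfSigned($now.AddDays(-1), $now.AddDays(30))

# Hypothetical helper: reports the X.509 fields from the slide and basic findings.
function Get-X509FieldReport {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # Returns $null when the certificate does not carry an RSA public key.
    $rsaKey = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)

    $findings = @()
    $today = [DateTime]::Now   # NotBefore/NotAfter are exposed as local time
    if ($today -lt $Certificate.NotBefore -or $today -gt $Certificate.NotAfter) {
        $findings += 'outside validity period'
    }
    if ($Certificate.SignatureAlgorithm.FriendlyName -match 'md5|sha1') {
        $findings += 'weak signature algorithm'
    }
    if ($rsaKey -and $rsaKey.KeySize -lt 2048) {
        $findings += 'RSA key shorter than 2048 bits'
    }
    if ($Certificate.Subject -eq $Certificate.Issuer) {
        $findings += 'self-signed (issuer equals holder)'
    }

    [pscustomobject]@{
        FormatVersion      = $Certificate.Version
        SerialNumber       = $Certificate.SerialNumber
        SignatureAlgorithm = $Certificate.SignatureAlgorithm.FriendlyName
        Issuer             = $Certificate.Issuer
        ValidFrom          = $Certificate.NotBefore
        ValidTo            = $Certificate.NotAfter
        Holder             = $Certificate.Subject
        PublicKeyAlgorithm = $Certificate.PublicKey.Oid.FriendlyName
        RsaKeyBits         = if ($rsaKey) { $rsaKey.KeySize } else { $null }
        Findings           = $findings
    }
}

Get-X509FieldReport -Certificate $cert | Format-List
$rsa.Dispose()
```

The same function accepts a certificate loaded from a file or a certificate store, so it can be pointed at a certificate issued by a CA instead of the constructed one.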
Using Active Directory Certificate
Services (cont’d.)
• Active Directory Certificate Services role
– Available in Windows Server 2008 Standard,
Enterprise, and Datacenter Editions
• Online Responder Service
– Determines the status of digital certificates
– Uses the Online Certificate Status Protocol
(OCSP) to obtain and decode status information
Planning Active Directory Certificate
Services
• Understand the four kinds of CAs that can be set
up in a Microsoft server environment
– Enterprise root CA
– Enterprise subordinate
– Standalone root
– Standalone subordinate
• Root CA is always configured before any other CAs
Planning Active Directory Certificate
Services (cont’d.)
Figure 9-7 CA hierarchy
Courtesy Course Technology/Cengage Learning
Planning Active Directory Certificate
Services (cont’d.)
• Implement enterprise root CA and enterprise
subordinates
– Not standalone model
• Take into account the ways in which an
organization can make most use of AD CS
• PKI with multiple subordinate CAs has built-in
redundancy
Planning Active Directory Certificate
Services (cont’d.)
• Role services for Active Directory Certificate
Services:
– Certificate Authority
– Certification Authority Web Enrollment
– Online Responder
– Network Device Enrollment service
Certificate Services Roles
• Recommended to divide responsibilities for
handling money and important security tasks in an
organization
• AD CS enables dividing CA responsibilities into two
roles:
– CA administrator
• Person or persons who manage the CA server
– Certificate manager
• Given to those who determine which users to enroll for
certificates and when to revoke certificates